ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2013-02-22 526b997c9891a796b152cdbab8e329b356b1f596 
 install/lib/installer_base.lib.php


@@ -132,7 +132,7 @@


      if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;


      if(is_installed('squid')) $conf['squid']['installed'] = true;


      if(is_installed('nginx')) $conf['nginx']['installed'] = true;


      // if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;


      if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;


      if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;


      if(is_installed('vzctl')) $conf['openvz']['installed'] = true;


      if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;


@@ -215,6 +215,7 @@


      $tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs'];


      $tpl_ini_array['fastcgi']['fastcgi_phpini_path'] = $conf['fastcgi']['fastcgi_phpini_path'];


      $tpl_ini_array['fastcgi']['fastcgi_starter_path'] = $conf['fastcgi']['fastcgi_starter_path'];


      $tpl_ini_array['fastcgi']['fastcgi_bin'] = $conf['fastcgi']['fastcgi_bin'];


      $tpl_ini_array['server']['hostname'] = $conf['hostname'];


      $tpl_ini_array['server']['ip_address'] = @gethostbyname($conf['hostname']);


      $tpl_ini_array['web']['website_basedir'] = $conf['web']['website_basedir'];


@@ -423,7 +424,7 @@


            $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);


         }




         $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";


         $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";


         if ($verbose){


            echo $query ."\n";


         }


@@ -472,6 +473,14 @@


         }




         $query = "GRANT SELECT, UPDATE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";


         if ($verbose){


            echo $query ."\n";


         }


         if(!$this->dbmaster->query($query)) {


            $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);


         }


			


         $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";


         if ($verbose){


            echo $query ."\n";


         }


@@ -558,6 +567,23 @@


            }


         }


      }


		


      $config_dir = $conf['mailman']['config_dir'].'/';


      $full_file_name = $config_dir.'virtual_to_transport.sh';


		


      //* Backup exiting virtual_to_transport.sh script


      if(is_file($full_file_name)) {


         copy($full_file_name, $config_dir.'virtual_to_transport.sh~');


      }


		


      copy('tpl/mailman-virtual_to_transport.sh',$full_file_name);


      chgrp($full_file_name,'list');


      chmod($full_file_name,0750);


		


      if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');


      exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');


		


      exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');




      $virtual_domains = '';


      if($status == 'update')


@@ -673,7 +699,7 @@


            'smtpd_tls_security_level = may',


            'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',


            'smtpd_tls_key_file = '.$config_dir.'/smtpd.key',


            'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',


            'transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',


            'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf',


            'relay_recipient_maps = mysql:'.$config_dir.'/mysql-virtual_relayrecipientmaps.cf',


            'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps',


@@ -724,7 +750,7 @@


      if(!stristr($options,'dont-create-certs')) {


         //* Create the SSL certificate


         $command = 'cd '.$config_dir.'; '


               .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';


               .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';


         exec($command);




         $command = 'chmod o= '.$config_dir.'/smtpd.key';


@@ -1341,7 +1367,6 @@


      exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);


   }




   /*


   public function configure_ufw_firewall()


   {


      $configfile = 'ufw.conf';


@@ -1351,9 +1376,8 @@


      exec('chmod 600 /etc/ufw/ufw.conf');


      exec('chown root:root /etc/ufw/ufw.conf');


   }


   */




   public function configure_firewall() {


   public function configure_bastille_firewall() {


      global $conf;




      $dist_init_scripts = $conf['init_scripts'];


@@ -1498,12 +1522,16 @@


         }




         if(!is_file($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter')) {


            $content = rf('tpl/apache_apps_fcgi_starter.master');


            $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);


            $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);


            mkdir($conf['web']['website_basedir'].'/php-fcgi-scripts/apps', 0755, true);


            copy('tpl/apache_apps_fcgi_starter.master',$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');


            //copy('tpl/apache_apps_fcgi_starter.master',$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');


            wf($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter', $content);


            exec('chmod +x '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');


            exec('chown -R ispapps:ispapps '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps');




         }


         }			


      }


      if($conf['nginx']['installed'] == true){


         $apps_vhost_user = escapeshellcmd($conf['web']['apps_vhost_user']);


@@ -1555,6 +1583,16 @@


         //$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);


         $content = str_replace('{fpm_socket}', $fpm_socket, $content);


         $content = str_replace('{cgi_socket}', $cgi_socket, $content);


			


         if(file_exists('/var/run/php5-fpm.sock')){


            $use_tcp = '#';


            $use_socket = '';


         } else {


            $use_tcp = '';


            $use_socket = '#';


         }


         $content = str_replace('{use_tcp}', $use_tcp, $content);


         $content = str_replace('{use_socket}', $use_socket, $content);




         wf($vhost_conf_dir.'/apps.vhost', $content);




@@ -1798,9 +1836,14 @@


      exec("chmod -R 770 $install_dir/server/aps_packages");




      //* make sure that the server config file (not the interface one) is only readable by the root user


      chmod($install_dir.'/server/lib/'.$configfile, 0600);


      chown($install_dir.'/server/lib/'.$configfile, 'root');


      chgrp($install_dir.'/server/lib/'.$configfile, 'root');


      chmod($install_dir.'/server/lib/config.inc.php', 0600);


      chown($install_dir.'/server/lib/config.inc.php', 'root');


      chgrp($install_dir.'/server/lib/config.inc.php', 'root');


		


      //* Make sure thet the interface config file is readable by user ispconfig only


      chmod($install_dir.'/interface/lib/config.inc.php', 0600);


      chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');


      chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');




      chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);


      chown($install_dir.'/server/lib/remote_action.inc.php', 'root');


@@ -1862,6 +1905,11 @@


         } else {


            $content = str_replace('{ssl_comment}', '#', $content);


         }


         if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {


            $content = str_replace('{ssl_bundle_comment}', '', $content);


         } else {


            $content = str_replace('{ssl_bundle_comment}', '#', $content);


         }




         wf($vhost_conf_dir.'/ispconfig.vhost', $content);




@@ -1874,12 +1922,14 @@


            }


         }


         if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {


            $content = rf('tpl/apache_ispconfig_fcgi_starter.master');


            $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);


            $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);


            mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true);


            copy('tpl/apache_ispconfig_fcgi_starter.master','/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');


            wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);


            exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');


            symlink($install_dir.'/interface/web','/var/www/ispconfig');


            exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');




         }


      }




@@ -1962,9 +2012,9 @@


      //* Create the ispconfig auth log file and set uid/gid


      if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {


         touch($conf['ispconfig_log_dir'].'/auth.log');


         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');


         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');


      }


      exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');


      exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');




      if(is_user('getmail')) {


         rename($install_dir.'/server/scripts/run-getmail.sh','/usr/local/bin/run-getmail.sh');


@@ -2201,4 +2251,4 @@


   }


}




?>


?>